University of Oklahoma IT Team on High Alert in Light of Ransomware Attacks

An attack like the recent WannaCry attack is alarming for educational institutions like OU, which has thousands upon thousands of digital records with information on students, faculty, financial information, research and more.

By Adam Troxtell, The Norman Transcript, Okla. | May 18, 2017

(TNS) -- NORMAN — As news spread of the large-scale cyber attack using a type of virus called ransomware over the weekend, the University of Oklahoma’s information technology team went on alert.

This particular virus, named WannaCry, didn’t have as large an impact in the U.S. as it did elsewhere, with only FedEx catching the brunt of the attack. However, vital and private records elsewhere were being encrypted, and the only way to get them back was to pay the hackers $300.

It’s alarming for an organization like OU, which has thousands upon thousands of digital records with information on students, faculty, financial information, research and more.

“As an industry, you can think of us as a small city,” said Ron Fellhauer, executive director of network, security and risk management at OU I.T. “We do have lots of very valuable data, from student data to financial data, even health records. So, we take our job very seriously in protecting that.”

In the wake of the reported attack, Fellhauer said I.T. personnel at the university began paying close attention, seeking out the opinions of security research firms.

“Then we look at our defenses to see if there’s anything we need to tune,” he said. “We sent out a general advisory across to all OU staff, just to be diligent. This particular threat did emanate through an email message. We always take those opportunities to remind people to be diligent about what they click on.”

WannaCry was spread via email, but soon it wasn’t as simple as not clicking on a link or attachment.

The real reason behind the ransomware’s rapid spread was a loophole discovered in the security of Microsoft Windows operating systems.

When networks became infected, a message suddenly popped up on computer screens informing the user that their files had been encrypted and the only way to get them back and ensure they were not destroyed was to pay $300 in the internet currency Bitcoin. Hospitals in the U.K. and Indonesia could not access records, businesses in Australia and South Korea were locked out of systems and even a train station in Germany experienced problems.

“Preparing for this kind of thing is actually really hard,” said Mark Raymond, the Wick Cary Assistant Professor of International Security at OU. “There are an unknown number of software vulnerabilities in existence.”

Cybersecurity is one of Raymond’s areas of expertise. He said there are entities that sometimes know of software vulnerabilities before they can be exploited, particularly security services.

The National Security Administration knew of the security loophole used by WannaCry, and this knowledge was reportedly stolen in a hack in April. Fortunately, Raymond said, the NSA decided to share this knowledge with Microsoft, who then developed a software patch.

Why didn’t it prevent the ransomware attack in the first place?

“People are notoriously bad about patching and updating their software,” Raymond said. “Everyone who was affected hadn’t updated their software. That is a problem, and it is a known problem in the software industry.”

Fellhauer said remaining aware of software patches and updates, and ensuring campus computer systems all have them, is a big part of I.T.’s security job.

“There is a lot of vigilance involved,” he said. “Getting that patch involved in the environment is a big part of it.”

But there’s another problem with the way security vulnerabilities are handled, and no patch or update can solve it. Raymond said sometimes organizations like the NSA will discover loopholes but not disclose them to the public or software companies.

They’re called “zero-day exploits,” Raymond said. It’s similar to discovering a new kind of weapon technology: if one organization has something that another doesn’t, then it immediately becomes an advantage.

“Those kinds of exploits are fundamental to conducting good cybersecurity offense,” Raymond said. “If you want to gain unlawful access to someone’s computer system, having that knowledge is really essential. There is a black market in these zero-day exploits. This attack really highlights how dangerous that practice is, though.”

If the NSA hadn’t told Microsoft about the vulnerability, WannaCry’s reign of terror could have been far worse.

And there’s nothing that says a future ransomware outbreak won’t be; as Fellhauer pointed out, copycat attacks are almost inevitable.

“This is a continuing problem, but it’s not a severe issue because there’s already a fix for this,” Raymond said. “If there was not, we would be in a very dangerous situation. It’s easy to imagine a scenario where we witness an attack that we don’t already have a patch for.”

Fellhauer said I.T. will keep a close eye on the latest attempts to exploit security loopholes. Prior to taking his job at OU, he managed security for Dell for more than 20 years and said the threat from cyberattacks has only grown.

“Looking back over the last five years or so, it’s escalating,” Fellhauer said. “It’s gone from a weekly or daily thing to an hourly thing. You’re always vigilant to what’s going on.”